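/**
 * Creates a test-only {@link User} whose group membership is exactly the {@code groups} passed in.
 *
 * <p>If {@code UserProvider.groups} is not already a {@code TestingGroups}, it is wrapped in one
 * while holding the {@code UserProvider.class} monitor, and the name-to-groups mapping is then
 * registered on that wrapper. The wrapper is stored in a static field, so the replacement is
 * visible to every later reader of {@code UserProvider.groups} in the same JVM, not only to the
 * returned user. No credential is passed or checked here: the identity and its groups are taken
 * as given, which is why this entry point belongs in test code only.
 *
 * @param conf   not read by this method
 * @param name   user name to register and to pass to {@code UserGroupInformation}
 * @param groups group names to associate with {@code name}
 * @return a {@code SecureHadoopUser} wrapping the UGI returned by
 *         {@code UserGroupInformation.createUserForTesting(name, groups)}
 * @see User#createUserForTesting(org.apache.hadoop.conf.Configuration, String, String[])
 */
public static User createUserForTesting(Configuration conf, String name, String[] groups) {
  final TestingGroups testingGroups;
  synchronized (UserProvider.class) {
    if (!(UserProvider.groups instanceof TestingGroups)) {
      UserProvider.groups = new TestingGroups(UserProvider.groups);
    }
    // Capture the reference while still holding the lock: re-reading the static field after the
    // monitor is released could observe a value written by another thread and fail the cast.
    testingGroups = (TestingGroups) UserProvider.groups;
  }
  testingGroups.setUserGroups(name, groups);
  return new SecureHadoopUser(UserGroupInformation.createUserForTesting(name, groups));
}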
// Group the test identity is placed in.
String fooGroupName = "group1";
// Test-only UGI built from just a name and a group list; no credential is passed.
// fooUserName is defined outside this excerpt.
UserGroupInformation ugi = UserGroupInformation.createUserForTesting(fooUserName, new String[]{fooGroupName});
// Group the test identity is placed in.
String fooGroupName = "group1";
// Test-only UGI built from just a name and a group list; no credential is passed.
// fooUserName is defined outside this excerpt.
UserGroupInformation ugi = UserGroupInformation.createUserForTesting(fooUserName, new String[]{fooGroupName});
/**
 * Calls the RPC service as a SIMPLE-authenticated client while the client is configured for
 * "simple" security and the server has {@code RpcServer.FALLBACK_TO_INSECURE_CLIENT_AUTH} on.
 *
 * <p>{@code ugi}, {@code clientConf}, {@code serverConf} and {@code callRpcService} are members
 * of the enclosing test class, defined outside this excerpt.
 */
@Test
public void testRpcFallbackToSimpleAuth() throws Exception {
  final String simpleUser = "testuser";
  // The single group carries the same name as the user.
  final String[] simpleUserGroups = new String[] { simpleUser };
  final UserGroupInformation insecureUgi =
      UserGroupInformation.createUserForTesting(simpleUser, simpleUserGroups);

  // check that the client user is insecure
  assertNotSame(ugi, insecureUgi);
  assertEquals(AuthenticationMethod.SIMPLE, insecureUgi.getAuthenticationMethod());
  assertEquals(simpleUser, insecureUgi.getUserName());

  // NOTE(review): going by its name, this flag makes the server accept clients that did not
  // authenticate securely; it is opted into explicitly here - confirm the default in RpcServer.
  serverConf.setBoolean(RpcServer.FALLBACK_TO_INSECURE_CLIENT_AUTH, true);
  clientConf.set(User.HBASE_SECURITY_CONF_KEY, "simple");

  callRpcService(User.create(insecureUgi));
}
/**
 * Checks that the group names reported by the session's authenticator match the groups that
 * were handed to UGI for the same user name.
 *
 * @throws Exception if any step of the session setup throws
 */
@Test
public void testSessionGetGroupNames() throws Exception {
  final String userName = "authtestuser";
  final List<String> expectedGroups = Arrays.asList("group1", "group2");

  // The returned UGI is discarded; presumably the call is made for the user/group
  // registration it performs inside UGI.
  final String[] groupArray = expectedGroups.toArray(new String[0]);
  UserGroupInformation.createUserForTesting(userName, groupArray);

  final SessionState session = new SessionState(getAuthV2HiveConf(), userName);
  setupDataNucleusFreeHive(session.getConf());

  final List<String> actualGroups = session.getAuthenticator().getGroupNames();
  assertEquals("check groups", expectedGroups, actualGroups);
}
/**
 * Verifies that {@code DagUtils.addCredentials}, run as a user whose own credentials are empty,
 * leaves a token that was already attached to the DAG retrievable under the same alias.
 */
@Test
public void testCredentialsNotOverwritten() throws Exception {
  final UserGroupInformation emptyCredsUser =
      UserGroupInformation.createUserForTesting("test_user", new String[0]);
  final DagUtils utils = DagUtils.getInstance();

  // DAG-side credentials: a single mocked token stored under a known alias.
  final Credentials dagCredentials = new Credentials();
  final Text alias = new Text("my_test_token");
  @SuppressWarnings("unchecked")
  final Token<? extends TokenIdentifier> expectedToken = mock(Token.class);
  dagCredentials.addToken(alias, expectedToken);

  // User-side credentials: an empty set, so the user contributes no token for the alias.
  emptyCredsUser.addCredentials(new Credentials());

  final BaseWork work = mock(BaseWork.class);
  final DAG dag = DAG.create("test_credentials_dag");
  dag.setCredentials(dagCredentials);

  // The cast picks the PrivilegedExceptionAction overload of doAs.
  emptyCredsUser.doAs((PrivilegedExceptionAction<Void>) () -> {
    utils.addCredentials(work, dag);
    return null;
  });

  assertEquals(expectedToken, dag.getCredentials().getToken(alias));
}
createMockOrcFile(197, 300, 600), new MockBlock("host1-1", "host1-2", "host1-3"))); FileInputFormat.setInputPaths(conf, "mock:/ugi/1"); UserGroupInformation ugi = UserGroupInformation.createUserForTesting(badUser, new String[0]); assertEquals(0, OrcInputFormat.Context.getCurrentThreadPoolSize()); try {
/**
 * Staging directory owned by {@code USER_1_SHORT_NAME}, submitter created as {@code USER_1}:
 * {@code JobSubmissionFiles.getStagingDir} is expected to accept the directory and return it.
 */
@Test
public void testGetStagingDirWhenShortFileOwnerNameAndFullUserName()
    throws IOException, InterruptedException {
  final Configuration conf = new Configuration();
  final Cluster cluster = mock(Cluster.class);
  final Path stagingPath = mock(Path.class);
  final String owner = USER_1_SHORT_NAME;

  final UserGroupInformation submitter =
      UserGroupInformation.createUserForTesting(USER_1, GROUP_NAMES);
  assertEquals(USER_1, submitter.getUserName());

  // File status reporting the short name as both owner and group of the staging directory.
  final FileSystem fs = new FileSystemTestHelper.MockFileSystem();
  final FileStatus ownedByShortName = new FileStatus(1, true, 1, 1, 100L, 100L,
      FsPermission.getDefault(), owner, owner, stagingPath);
  when(stagingPath.getFileSystem(conf)).thenReturn(fs);
  when(fs.getFileStatus(stagingPath)).thenReturn(ownedByShortName);
  when(cluster.getStagingAreaDir()).thenReturn(stagingPath);

  final Path resolved = JobSubmissionFiles.getStagingDir(cluster, conf, submitter);
  assertEquals(stagingPath, resolved);
}
/**
 * Staging directory owned by "someuser", submitter created as {@code USER_1}: the test passes
 * only if an {@code IOException} is thrown, i.e. a directory owned by another account is refused.
 *
 * <p>{@code expected} applies to the whole method, so an {@code IOException} from any statement
 * satisfies it; the final assertion is only reached if nothing throws, in which case the test
 * fails for lack of the expected exception.
 */
@Test(expected = IOException.class)
public void testGetStagingWhenFileOwnerNameAndCurrentUserNameDoesNotMatch()
    throws IOException, InterruptedException {
  final Configuration conf = new Configuration();
  final Cluster cluster = mock(Cluster.class);
  final Path stagingPath = mock(Path.class);
  final String foreignOwner = "someuser";

  final UserGroupInformation submitter =
      UserGroupInformation.createUserForTesting(USER_1, GROUP_NAMES);
  assertEquals(USER_1, submitter.getUserName());

  // File status reporting a different account as owner and group of the staging directory.
  final FileSystem fs = new FileSystemTestHelper.MockFileSystem();
  final FileStatus ownedBySomeoneElse = new FileStatus(1, true, 1, 1, 100L, 100L,
      FsPermission.getDefault(), foreignOwner, foreignOwner, stagingPath);
  when(stagingPath.getFileSystem(conf)).thenReturn(fs);
  when(fs.getFileStatus(stagingPath)).thenReturn(ownedBySomeoneElse);
  when(cluster.getStagingAreaDir()).thenReturn(stagingPath);

  final Path resolved = JobSubmissionFiles.getStagingDir(cluster, conf, submitter);
  assertEquals(stagingPath, resolved);
}
/**
 * Staging directory owned by {@code USER_1_SHORT_NAME}, submitter created under the same short
 * name: {@code JobSubmissionFiles.getStagingDir} is expected to return the staging path.
 */
@Test
public void testGetStagingDirWhenShortFileOwnerNameAndShortUserName()
    throws IOException, InterruptedException {
  final Configuration conf = new Configuration();
  final Cluster cluster = mock(Cluster.class);
  final Path stagingPath = mock(Path.class);
  final String owner = USER_1_SHORT_NAME;

  final UserGroupInformation submitter =
      UserGroupInformation.createUserForTesting(USER_1_SHORT_NAME, GROUP_NAMES);
  assertEquals(USER_1_SHORT_NAME, submitter.getUserName());

  // File status reporting the short name as both owner and group of the staging directory.
  final FileSystem fs = new FileSystemTestHelper.MockFileSystem();
  final FileStatus ownedByShortName = new FileStatus(1, true, 1, 1, 100L, 100L,
      FsPermission.getDefault(), owner, owner, stagingPath);
  when(stagingPath.getFileSystem(conf)).thenReturn(fs);
  when(fs.getFileStatus(stagingPath)).thenReturn(ownedByShortName);
  when(cluster.getStagingAreaDir()).thenReturn(stagingPath);

  final Path resolved = JobSubmissionFiles.getStagingDir(cluster, conf, submitter);
  assertEquals(stagingPath, resolved);
}
}
/**
 * With {@code MRConfig.MR_ACLS_ENABLED} set to false, a caller who is neither the job owner nor
 * the user named in the view ACL is still expected to pass the {@code VIEW_JOB} check.
 */
@Test
public void testAclsOff() {
  final String jobOwner = "testuser";
  final String noAdminUser = "testuser2";

  final Configuration conf = new Configuration();
  conf.set(JobACL.VIEW_JOB.getAclName(), jobOwner);
  // Enforcement is switched off as a whole; the view ACL above is still configured.
  conf.setBoolean(MRConfig.MR_ACLS_ENABLED, false);

  final JobACLsManager aclsManager = new JobACLsManager(conf);
  final Map<JobACL, AccessControlList> jobACLs = aclsManager.constructJobACLs(conf);

  final UserGroupInformation caller =
      UserGroupInformation.createUserForTesting(noAdminUser, new String[] {});

  // acls off so anyone should have access
  final boolean allowed = aclsManager.checkAccess(
      caller, JobACL.VIEW_JOB, jobOwner, jobACLs.get(JobACL.VIEW_JOB));
  assertTrue("acls off so anyone should have access", allowed);
}
/**
 * With ACLs enabled, a caller who is not the job owner but belongs to the group configured in
 * {@code MRConfig.MR_ADMINS} is expected to pass the {@code VIEW_JOB} check.
 */
@Test
public void testGroups() {
  final String jobOwner = "testuser";
  final String member = "testuser2";
  final String adminGroup = "adminGroup";

  final Configuration conf = new Configuration();
  conf.set(JobACL.VIEW_JOB.getAclName(), jobOwner);
  conf.setBoolean(MRConfig.MR_ACLS_ENABLED, true);
  // Leading space before the group name: presumably the ACL string is "<users> <groups>", so
  // this names a group and no individual users - confirm against AccessControlList.
  conf.set(MRConfig.MR_ADMINS, " " + adminGroup);

  final JobACLsManager aclsManager = new JobACLsManager(conf);
  final Map<JobACL, AccessControlList> jobACLs = aclsManager.constructJobACLs(conf);

  final UserGroupInformation caller =
      UserGroupInformation.createUserForTesting(member, new String[] {adminGroup});

  // ACLs are on here; access is expected through admin-group membership only.
  final boolean allowed = aclsManager.checkAccess(
      caller, JobACL.VIEW_JOB, jobOwner, jobACLs.get(JobACL.VIEW_JOB));
  assertTrue("user in admin group should have access", allowed);
}
}
/**
 * Submitter created as {@code USER_1}; the staging directory owner is first the lower-cased
 * form of {@code USER_1} and then {@code USER_1} itself. Both are expected to be accepted.
 *
 * <p>NOTE(review): the first case pins owner matching that ignores case. Confirm that two
 * principals differing only in case cannot be distinct accounts in the target environment.
 */
@Test
public void testGetStagingDirWhenFullFileOwnerNameAndFullUserName()
    throws IOException, InterruptedException {
  final Configuration conf = new Configuration();
  final Cluster cluster = mock(Cluster.class);
  final Path stagingPath = mock(Path.class);

  final UserGroupInformation submitter =
      UserGroupInformation.createUserForTesting(USER_1, GROUP_NAMES);
  assertEquals(USER_1, submitter.getUserName());

  final FileSystem fs = new FileSystemTestHelper.MockFileSystem();
  when(cluster.getStagingAreaDir()).thenReturn(stagingPath);
  when(stagingPath.getFileSystem(conf)).thenReturn(fs);

  //Staging directory owner full principal name is in lower case.
  final String lowerCaseOwner = USER_1.toLowerCase();
  final FileStatus lowerCaseStatus = new FileStatus(1, true, 1, 1, 100L, 100L,
      FsPermission.getDefault(), lowerCaseOwner, lowerCaseOwner, stagingPath);
  when(fs.getFileStatus(stagingPath)).thenReturn(lowerCaseStatus);
  assertEquals(stagingPath, JobSubmissionFiles.getStagingDir(cluster, conf, submitter));

  //Staging directory owner full principal name in upper and lower case
  final String exactOwner = USER_1;
  final FileStatus exactStatus = new FileStatus(1, true, 1, 1, 100L, 100L,
      FsPermission.getDefault(), exactOwner, exactOwner, stagingPath);
  when(fs.getFileStatus(stagingPath)).thenReturn(exactStatus);
  assertEquals(stagingPath, JobSubmissionFiles.getStagingDir(cluster, conf, submitter));
}
/**
 * With ACLs enabled and both job ACLs naming only the job owner, a different user listed in
 * {@code MRConfig.MR_ADMINS} is expected to pass both the {@code VIEW_JOB} and the
 * {@code MODIFY_JOB} check.
 */
@Test
public void testClusterAdmins() {
  final String jobOwner = "testuser";
  final String clusterAdmin = "testuser2";

  final Configuration conf = new Configuration();
  conf.set(JobACL.VIEW_JOB.getAclName(), jobOwner);
  conf.set(JobACL.MODIFY_JOB.getAclName(), jobOwner);
  conf.setBoolean(MRConfig.MR_ACLS_ENABLED, true);
  conf.set(MRConfig.MR_ADMINS, clusterAdmin);

  final JobACLsManager aclsManager = new JobACLsManager(conf);
  final Map<JobACL, AccessControlList> jobACLs = aclsManager.constructJobACLs(conf);

  // The admin is given no groups, so access can only come from the MR_ADMINS user entry.
  final UserGroupInformation caller =
      UserGroupInformation.createUserForTesting(clusterAdmin, new String[] {});

  // cluster admin should have access
  final boolean canView = aclsManager.checkAccess(
      caller, JobACL.VIEW_JOB, jobOwner, jobACLs.get(JobACL.VIEW_JOB));
  assertTrue("cluster admin should have view access", canView);

  final boolean canModify = aclsManager.checkAccess(
      caller, JobACL.MODIFY_JOB, jobOwner, jobACLs.get(JobACL.MODIFY_JOB));
  assertTrue("cluster admin should have modify access", canModify);
}
/**
 * With ACLs enabled, an empty view ACL and no {@code MR_ADMINS} entry set by this test, an
 * unrelated user is expected to be denied view and modify access while the job owner is
 * expected to be granted both.
 */
@Test
public void testClusterNoAdmins() {
  final String jobOwner = "testuser";
  final String noAdminUser = "testuser2";

  final Configuration conf = new Configuration();
  conf.set(JobACL.VIEW_JOB.getAclName(), "");
  conf.setBoolean(MRConfig.MR_ACLS_ENABLED, true);

  final JobACLsManager aclsManager = new JobACLsManager(conf);
  final Map<JobACL, AccessControlList> jobACLs = aclsManager.constructJobACLs(conf);
  final AccessControlList viewAcl = jobACLs.get(JobACL.VIEW_JOB);
  // MODIFY_JOB is never set on conf above, so this is whatever constructJobACLs yields for it.
  final AccessControlList modifyAcl = jobACLs.get(JobACL.MODIFY_JOB);

  // random user should not have access
  final UserGroupInformation stranger =
      UserGroupInformation.createUserForTesting(noAdminUser, new String[] {});
  assertFalse("random user should not have view access",
      aclsManager.checkAccess(stranger, JobACL.VIEW_JOB, jobOwner, viewAcl));
  assertFalse("random user should not have modify access",
      aclsManager.checkAccess(stranger, JobACL.MODIFY_JOB, jobOwner, modifyAcl));

  // Owner should have access
  final UserGroupInformation owner =
      UserGroupInformation.createUserForTesting(jobOwner, new String[] {});
  assertTrue("owner should have view access",
      aclsManager.checkAccess(owner, JobACL.VIEW_JOB, jobOwner, viewAcl));
  assertTrue("owner should have modify access",
      aclsManager.checkAccess(owner, JobACL.MODIFY_JOB, jobOwner, modifyAcl));
}
// Test-only UGI named "server" with an empty group list; presumably it stands in for the
// server's own identity when handed to the callback.
UserGroupInformation serverUgi = UserGroupInformation.createUserForTesting("server", new String[0]);
// conf is defined outside this excerpt.
PhoenixDoAsCallback callback = new PhoenixDoAsCallback(serverUgi, conf);
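/**
 * Creates a test-only {@link User} whose group membership is exactly the {@code groups} passed in.
 *
 * <p>If {@code UserProvider.groups} is not already a {@code TestingGroups}, it is wrapped in one
 * while holding the {@code UserProvider.class} monitor, and the name-to-groups mapping is then
 * registered on that wrapper. The wrapper is stored in a static field, so the replacement is
 * visible to every later reader of {@code UserProvider.groups} in the same JVM, not only to the
 * returned user. No credential is passed or checked here: the identity and its groups are taken
 * as given, which is why this entry point belongs in test code only.
 *
 * @param conf   not read by this method
 * @param name   user name to register and to pass to {@code UserGroupInformation}
 * @param groups group names to associate with {@code name}
 * @return a {@code SecureHadoopUser} wrapping the UGI returned by
 *         {@code UserGroupInformation.createUserForTesting(name, groups)}
 * @see User#createUserForTesting(org.apache.hadoop.conf.Configuration, String, String[])
 */
public static User createUserForTesting(Configuration conf, String name, String[] groups) {
  final TestingGroups testingGroups;
  synchronized (UserProvider.class) {
    if (!(UserProvider.groups instanceof TestingGroups)) {
      UserProvider.groups = new TestingGroups(UserProvider.groups);
    }
    // Capture the reference while still holding the lock: re-reading the static field after the
    // monitor is released could observe a value written by another thread and fail the cast.
    testingGroups = (TestingGroups) UserProvider.groups;
  }
  testingGroups.setUserGroups(name, groups);
  return new SecureHadoopUser(UserGroupInformation.createUserForTesting(name, groups));
}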
/**
 * Checks that {@code PhoenixDoAsCallback.createProxyUser} adds one cache entry per distinct
 * user name, returns the identical UGI instance when a name is requested again, and that each
 * proxy UGI reports the server UGI as its real user.
 */
@Test
public void ugiInstancesAreCached() throws Exception {
  final Configuration conf = new Configuration(false);
  final UserGroupInformation realUser =
      UserGroupInformation.createUserForTesting("server", new String[0]);
  final PhoenixDoAsCallback doAsCallback = new PhoenixDoAsCallback(realUser, conf);

  // First distinct name: one entry, backed by the server identity.
  final UserGroupInformation firstProxy = doAsCallback.createProxyUser("user1");
  assertEquals(1, doAsCallback.getCache().size());
  assertTrue(firstProxy.getRealUser() == realUser);

  // Second distinct name: a separate entry, same real user.
  final UserGroupInformation secondProxy = doAsCallback.createProxyUser("user2");
  assertEquals(2, doAsCallback.getCache().size());
  assertTrue(secondProxy.getRealUser() == realUser);

  // Repeat request: reference equality, and the cache does not grow.
  final UserGroupInformation firstProxyAgain = doAsCallback.createProxyUser("user1");
  assertTrue(firstProxy == firstProxyAgain);
  assertEquals(2, doAsCallback.getCache().size());
}
/**
 * Runs before each test: passes the current user's name and groups to
 * {@code UserGroupInformation.createUserForTesting}, then creates the two fixed test users
 * stored in {@code testUser1} and {@code testUser2}.
 *
 * @throws IOException if the current user cannot be obtained
 */
@Before
public void setUpUsers() throws IOException {
  // Make sure the current user's info is in the list of test users.
  final UserGroupInformation self = UserGroupInformation.getCurrentUser();
  final String selfName = self.getUserName();
  final String[] selfGroups = self.getGroupNames();
  UserGroupInformation.createUserForTesting(selfName, selfGroups);

  final String[] fooGroups = new String[]{"bar", "baz"};
  testUser1 = UserGroupInformation.createUserForTesting("foo", fooGroups);

  final String[] fizGroups = new String[]{"buz", "boz"};
  testUser2 = UserGroupInformation.createUserForTesting("fiz", fizGroups);
}
/**
 * Runs before each test: builds the decorator under test around a mocked connection factory
 * and a mocked {@code KerberosAuthenticator} whose {@code authenticate()} is stubbed to return
 * a test UGI, so the tests control which identity the authenticator reports.
 */
@Before
public void before() throws Exception {
  // Identity the stubbed authenticator hands back; it has no groups.
  testUser = UserGroupInformation.createUserForTesting("testUser", new String[0]);

  kerberosAuthenticator = mock(KerberosAuthenticator.class);
  when(kerberosAuthenticator.authenticate()).thenReturn(testUser);

  decoratedFactory = mock(JdbcConnectionFactory.class);
  kerberizedConnectionFactoryDecorator =
      new KerberizedConnectionFactoryDecorator(decoratedFactory, kerberosAuthenticator);
}